Pacific City Bank Discloses Ransomware attack claimed by AvosLocker

Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month.

The bank is circulating notices to inform its clients of a security breach it identified on August 30, 2021, which they claim to have addressed promptly.

Sensitive details leaked

PCB’s internal investigation on what happened was concluded on September 7, 2021, and it revealed that ransomware actors had unfortunately obtained the following information from its systems:

• Loan application forms
• Tax return documents
• W-2 information of client firms
• Payroll records of client firms
• Full names
• Addresses
• Social Security Numbers
• Wage and tax details

As PCB clarifies, not all clients have been impacted the same, as each customer has provided different documents and details that were stored in the compromised systems.

Also Read: 6 ways to recognize potential phishing scam and what to do if you receive one

Also, whether or not this incident affects the entire clientele of the bank or just a small subset has not been determined. We have reached out to the bank for clarifications, but we have not heard back yet.

The recipients of these notices are advised to remain vigilant against incoming communications and monitor their financial account statements and credit reports for signs of fraud.

Additionally, the bank is offering one year of free credit monitoring and identity theft protection services through Equifax, with instructions on how to enroll enclosed in the letters. Follow these instructions without deviation to avoid getting scammed by actors who may attempt to seize the opportunity.

An AvosLocker victim

While Pacific City Bank did not reveal the name of the ransomware group behind the September incident, AvosLocker is claiming the attack and has published an entry on their data leak site

The date of the incident is set on September 4, 2021, so the five days of difference may just be the “grace” period of the initial negotiation round, during which ransomware actors typically avoid making announcements.

The files that were eventually posted on the extortion portal are showing what PCB has now admitted as compromised, so there are no disparities there.

AvosLocker is one of the newer ransomware operators, appearing in the wild this summer, calling for affiliates on various underground forums to join the RaaS.

Also Read: How does ransomware happen? Here are 7 ways to prevent them

The group uses a multi-threaded ransomware strain that enables them to encrypt files fast, while the payload is deployed manually by the attacker. Although the AvosLocker features some string and API obfuscation to evade static detection, it is generally “naked”, coming without a crypting layer.

For more details on the AvosLocker and what you can do if you’re hit by this ransomware family, check out our support topic.